Table of Contents:

* Pen Testing: Why We Do It
  DAVID SMALL
  We’re penetration testers. What do we do? Why do we do it? What does it say about us?

* Fixing the Industry
  IFTACH IAN AMIT, CHRIS NICKERSON
  Penetration testing has been a skill (some say an art) for as long as we can remember information security and the computer industry.

* Building a Better Penetration Test Report
  BILL MATHEWS
  Do you build reports for your penetration tests? Want to make them more useful and more readable?

* How Fuzzy Are You Today? A Guide to Client-Side Fuzzing Using Peach
  ADRIAN FURTUNA
  What do you do if your targets are fully patched and you do not find any configuration issues during a penetration test?

* Dueling Apache Tomcat
  JOVON ITWARU
  Setting up a JSP-enabled web server is cumbersome and complex.

* Heuristic Methods vs. Automated Scanners
  Which is the most efficient? Humans? Machines? Or the two in tandem?
  HANS-MICHAEL VARBAEK
  As most penetration testers know, a manual check of a Web Application can be much more thorough than a completely automated one.

* Operationalizing Penetration Testing Results Using Network Monitoring Software – All For Free
  BILL MATHEWS
  We will model the results of a penetration test using network and application monitoring tools.

* Pulling Shellcode From Network Stream
  SALAHUDIN WAN KHAIRUZZAMAN
  In computer security terms, a shellcode is used as a payload in exploiting software vulnerabilities.

* Interview with Gary McGraw, Ph.D.
  CTO Cigital
  Gary McGraw from Cigital about his views on software security and the Building Security In Maturity Model.